RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant
released on 2022-12-29 @ 01:14:27 PM
During the 3-month period from September through November 2022, RedDelta has regularly used an infection chain employing malicious shortcut (LNK) files, which trigger a dynamic-link library (DLL) search-order-hijacking execution chain to load consistently updated PlugX versions. Throughout this period, the group repeatedly employed decoy documents specific to government and migration policy within Europe.